image-studio
Warn
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill directs the agent to run local Python scripts using shell commands (e.g., `python generate.py --prompt "..."`) that incorporate untrusted user input directly. This creates a risk of command injection: a user could potentially execute arbitrary code by including shell metacharacters such as semicolons or pipes in their prompt.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing arbitrary user text and passing it to command-line tools without sanitization or protective delimiters.
  - Ingestion points: User-provided text for image generation and customization (SKILL.md).
  - Boundary markers: None detected in the command-building logic.
  - Capability inventory: Execution of local scripts with high-level tool access (SKILL.md).
  - Sanitization: No evidence of input filtering or escaping for the shell command arguments.
- [DATA_EXFILTRATION]: The skill documentation exposes sensitive information by hardcoding absolute local paths (`C:\Users\renat\skills\...`), which leaks the author's local Windows username and directory structure.
Audit Metadata